What to look for and how to protect your business

It’s difficult to summarize all the cyber security trends that can wreak havoc on the retail and service industry. It’s even more challenging when addressing all the attacks the retail industry has suffered since the start of 2020. Under constant threat of cyber-attacks, it’s crucial that every business knows its areas of weakness and how to mitigate them.

Below, you will find two prevalent methods of attack by hackers and steps you can take to prevent them from happening to your company.

Attacking Third-Party Vendors

Outsourcing digital operations has become more popular in recent years due to its cost-effectiveness and efficiency. Utilizing third-party vendors allows businesses to improve their product and service offerings and work directly with experts in a given field. Whereas hackers traditionally picked a target and attacked it directly, they are increasingly targeting vulnerable third-party vendors to gain indirect access to a company’s resources. In 2020, some of the biggest names in retail, including Amazon, eBay, Shopify, and PayPal, were victims of data leaks due to attacks on third-party vendors [1]. Any data breach can be detrimental to a business – be it a battered reputation, loss of consumer data, legal battles, or even shuttering the business altogether. So, how can you be sure third-party vendors are protecting their data correctly? Here are a few steps you can take to minimize the risk of working with vendors that could cripple your supply chain.

1) Research – It may seem trivial, but asking vendors about their security policies, risk mitigation strategies and incident response plans can quickly weed out vulnerable third-party vendors.

2) Establish Access Rights and Responsibilities – Create ‘Service Level Agreements’ (SLAs) that outline who has access to what data and what they are allowed to do with it. This will help limit the scope of who has access to your data and how they can use it.

3) Set Up a Vendor Management Team – This is a small internal team that vets third-party vendors, creates risk reports, controls third-party vendor access, conducts third-party audits, and creates an incident response plan for any given vendor.

4) Staff Training – Hacks and data breaches are common enough that every company should have some security awareness training. Even limited security training can teach staff how to recognize the signs of a data breach and how to follow proper policies when sharing data with third parties.

Ransomware

Being the victim of a ransomware attack can be costly for any business, big or small. Contrary to popular belief, most companies (66%) end up paying the ransom [2], with the average payout for a mid-sized organization being in the range of $170,000 [3]. One of the most recent attacks affecting the retail industry occurred in July 2021 on the Miami-based tech firm Kaseya, which helps businesses manage their computer systems. The attack shut down the payment systems in various Coop Grocery stores across Sweden. One of the reasons this is such a problem is that ransomware is easy to deliver: in the majority of cases, ransomware arrives via malicious email. During the COVID-19 pandemic, malicious emails have risen as much as 600% [3]. Below are a few steps you can take to help protect yourself and your organization from being the subject of the next ransomware attack:

1) Back Up Your Computer Frequently. This should include any files that are essential to the operation of your network and business. One of the safest and easiest ways to protect yourself is to save backups to an external hard drive and then disconnect the external drive from the computer. This ensures any data saved to the drive is unreachable by any malicious program on the computer. A good rule of thumb is the 3-2-1 rule: 3 copies in 2 formats with at least 1 off-site copy.

2) Keep Your Operating System and Applications Up to Date. Most ransomware attacks exploit unpatched or vulnerable computers and programs. Keeping them up to date removes the known vulnerabilities that these attacks rely on.

3) Verify Your Emails

  a) Verify Sender: If you come across an email that appears to be from a legitimate source but looks suspicious, delete the email and try contacting the sender directly through a newly created email. This ensures any malicious email is deleted without any further interaction.
  b) Look at the Links within the Email. Often you can tell an email is malicious because the URL the link actually points to does not match the site shown in the link text.
  c) Look at the Language and Vernacular within the Email. It’s not uncommon in a malicious email to find things like spelling and grammar mistakes. Also take note of the intent of the email. Often, hackers will use threatening or urging phrases meant to spur you into action without thinking about the consequences.

Staying informed and vigilant is one of the primary factors in keeping your company protected from a cyber-attack, and implementing simple protocols can make all the difference. Questions on cyber security in retail? Reach out.


Sources:

[1] https://www.ekransystem.com/en/blog/third-party-providers

[2] https://www.retaildive.com/news/survey-finds-many-retailers-have-paid-off-ransomware-hackers/525684/

[3] https://www.varonis.com/blog/ransomware-statistics-2021/